SOA-C02 · Question #284
SOA-C02 Question #284: Real Exam Question with Answer & Explanation
The correct answer is B: Configure VPC Flow Logs on the elastic network interface of each task.. The awsvpc network mode also provides greater security for your containers by enabling you to use security groups and network monitoring tools at a more granular level within your tasks. Because each task gets its own elastic network interface (ENI), you can also use other Amazon
Question
A company is using Amazon Elastic Container Service (Amazon ECS) to run a containerized application on Amazon EC2 instances. A SysOps administrator needs to monitor only traffic flows between the ECS tasks. Which combination of steps should the SysOps administrator take to meet this requirement? (Choose two.)
Options
- AConfigure Amazon CloudWatch Logs on the elastic network interface of each task.
- BConfigure VPC Flow Logs on the elastic network interface of each task.
- CSpecify the awsvpc network mode in the task definition.
- DSpecify the bridge network mode in the task definition.
- ESpecify the host network mode in the task definition.
Explanation
The awsvpc network mode also provides greater security for your containers by enabling you to use security groups and network monitoring tools at a more granular level within your tasks. Because each task gets its own elastic network interface (ENI), you can also use other Amazon EC2 networking features such as VPC Flow Logs to monitor traffic to and from your tasks. https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking-awsvpc.html
Community Discussion
No community discussion yet for this question.